Posted by
CmdrTaco
on Thu Aug 05, '04 03:58 PMfrom the flushing-the-toxins dept.DECula writes "Humphrey Cheung has written an excellent article for Tomshardware about what WAS Defcon 12. The combination of talks about a BlueSniper antenna and BlueSnarfing was a good match."

The
fight was crazy. Basically the kid told the crowd to go to the
Republican Convention and "Fuck up their shit" via any means possible.
He told everyone to hack the website, use DDoS attacks, etc. He must be
a fucking moron to start talking politics at a hacker convention.

Basically, the crowd got pissed at his anti-free speech talk and
started giving him shit. Security cut the talk short, and the crowd
mobbed the stage to start firing questions at this punk. Eventually, 1
guy got nose to nose with the speaker, which is when he was wisked away
by security.

One of the pic sites has several photos of team Tsunami locked into an
epic FPS netgame, complete with multicolored LAN cables and cans of
soda, right before showcasing the team learning how to use REAL
firearms at one of Nevada's many target ranges.....

One might doubt the wisdom of issuing sniper rifles and live ammunition to Counter Strike junkies.

...hehe, i gotta love a tradition such as this: both parties being good sports and enjoying the moment. You know
the agents consider being "assigned" to Defcon to be treat - it's fun.
New stuff, new tech, new ideas, new kids breaking the system, just good
ol' fun as i see it.

Oh lord, the oh-no-it's-not-fun-it's-against-the-law crowd will come
out on this one. Seriously though, know thine enemy, what good fortune
that you can enjoy the company of said "enemy". Hell, the Defcon kids
enjoy knowing the "Feds" are there and will be watching. This is the
cat and mouse that i admire and enjoy.

i'm
serious, good to see this tradition is still going strong. May both
parties always be present, enjoy and learn....and i mean that, both
parties. Happy hunting:)

Odd that they'd mention the BlueTooth rifle, but not mentioning the
Shmoo 802.11 rifle..same idea, much sexier design, dangerous power
levels...like, 13 Watts. They claimed that it was dangerous to stand in
front of or behind it while it was on.

These two rifles are very similar - it's what's hooked up to them that
matters. The Shmoo group used a Wi-Fi system with a 27 dB amplifier,
while the Flexilis group used a Class 1 Bluetooth USB adapter modded
with a cable and bluedriving software. (Note: I put together the
wireless hardware used on the the Bluesniper rifle.)

So, does anyone know what the "Electronic Civil Disobedience and the
Republican National Convention" talk covered, and what the speaker
might have said to get someone riled enough that he was attacked ??

Although I can see the argument that some sort of electronic attack on
the RNC cold be a valid form of civil disobedience, I definitely have
to agreee with you that this guy is just lame lame lame, for the
following reasons:

1) The best you can propose is a DDOS attack? I mean, come on! That's
just stupid, and causes collateral network slowdowns as well... how
about something useful, like getting into the servers, redirecting to other [georgewbush.org] websites or plain ol-fashioned defacing of main pages? A DDOS attack... it's just so lame...

2) The guy can't even write a decent call-to-arms. "undemocratic will of the people" ? Did someone proofread this crap??;-)

And no, I am not advocating that anyone should hack into any
computer system, anywhere, because that would be wrong and illegal. No,
really...

Besides, individual bodies actually showing up in
person all at once would be much more convincing and newsworthy than a
website being down for a few minutes. If you want to disrupt the
convention, I'm guessing a whole bunch of protesters showing up in
person would be more effective than shutting down a website.

At
Defcon 12 this year my cow-orkers and I brought along a little piece of
code called "airpwn." Airpwn is a platform for injection of application
layer data on an 802.11b network. Although the potential for evil is
very high with this tool, we decided to demonstrate it (and give it its
first real field trial) on something nasty, but harmless (compared to
say, wiping your hard-drive)

airpwn requires two 802.11b
interfaces, one for listening, and another for injecting. It uses a
config file with multiple config sections to respond to specific data
packets with arbitrary content. For example, in the HTML goatse
example, we look for any TCP data packets starting with "GET" or "POST"
and respond with a valid server response including a reference to the
canonical goatse image.

Humphrey is totally in the field with his Tom's Hardware write-ups. Remember when he was the pilot Warflying [slashdot.org] over LA?

Later that day, I talked to the fed who got nabbed in that spot the fed video
[tomshardware.com]. He was running Kismet when he got called up. Others
around him whispered "He can't be a fed, he's running Kismet". Don't be
fooled. I think some of these fed types dig technology as much as any
hacker.

The Bluesniper rifle by the guys at Flexilis is so cool - I
built the bluetooth gear for them from the kits on my bluedriving.com
site. And I had a chance to look through the scope at DefCon, but
didn't get to bluesnipe anyone with it yet.

The Shmoo Group has another rad wireless sniper rifle they
showed at DefCon. (I think the Flexilis guys got the bag on Shmoo this
time for walking in the first day carrying the rifle.) Check out
Shmoo's build-it instructions: LINK [shmoocon.org]

There is a story about the miners strike in England 1983-84, that the
[fascist] state tried to have automated tape recorders to record any
miners strike conversations, but everyone was talking about it then,
and so the tapes ran out.

From the Article:

'The
volume of information being seized for forensic analysis has
mushroomed. It is not uncommon to see multiple terabytes of storage
being examined. Agents said that some cases are approaching the
petabyte range. Usually is because of emails and email attachments.
Only with the development of better search techniques can the evidence
be examined, as it is physically impossible to read every single email
in many of these massive cases. [an error occurred while processing
this directive]'

Sounds like a challenge to blow their storage
capacity and search capacity, blow your Broadband upload and download
limits, you know you want to, it is for a cause (the development of
better search algoriths of course, or sedition, or both).

I reckon they store everything and look back at their logs when something crops up through less automated means.

Was this conference the reason behind a large increase in SSH attack
attemps over the past two weeks? The past few months had been
relatively quiet in regard to SSH attacks (I was wondering if I'd been
cracked and they weren't being reported any more), but I've been
getting multiple attempts pretty much daily for the past two weeks.
What's up?